# Audit The **Audit** tab provides a complete overview of audit events generated by AppControl and supported hosting platforms. These events give you visibility into changes, access, and system activity across your apps and environments, supporting traceability, compliance monitoring, and incident analysis. Where the Logs tab focuses on technical runtime messages, the Audit tab focuses on **governance-relevant events** — structured records of actions, state changes, and control outcomes across the lifecycle of your applications. View all [audit event types](#audit-event-types) supported by AppControl. *** ### What You See in the Audit Tab The Audit tab displays a filterable list of audit events across your selected scope. Each event includes: * **App** – The application the event relates to * **Environment** – The environment (e.g., Production, Acceptance) * **Event ID** – Unique identifier of the audit event * **Timestamp** – When the event occurred * **Event Type** – The classification of the event (e.g., `CONTROL_FAILED`, `REVISION_CHANGED`) * **Actor** – The user or system responsible for the event * **Event Source** – The originating system (e.g., SYSTEM, hosting platform) * **Event Details** – Structured metadata describing the event The table can be filtered by any of these fields to narrow the view to specific apps, environments, actors, or event types. *** ### Filtering and Investigation You can filter audit events by: * App * Environment * Event ID * Date / time range * Event type * Actor * Event source * Event detail content This makes it possible to: * Investigate a specific incident * Review all control failures in a given period * Trace changes in a specific environment * Analyze activity performed by a particular actor * Support internal audits or external compliance reviews Audit events are stored as structured data, enabling consistent filtering and export. *** ### Event Types Audit events are categorized by **Event Type**. Examples include: * `CONTROL_FAILED` * `CONTROL_PASSED` * `REVISION_CHANGED` * (additional event types are documented below) Each event type represents a specific governance-relevant occurrence within the lifecycle of an app or environment. > A complete overview of supported event types and their meaning is provided in the table below. *** ### Relationship to Compliance Policies Compliance Policies (such as **GOV\_0001 – Change Management**) analyze audit events to determine whether governance controls are functioning as expected. For example: * A missing approval before deployment may result in a `CONTROL_FAILED` event. * A revision update may generate a `REVISION_CHANGED` event. * Access-related actions may generate user or system activity events. Audit events therefore form the **evidence layer** used by Compliance Policies to continuously assess control effectiveness. *** ### Exporting Audit Data You can export audit events directly from the Audit tab. Exports can be used for: * Internal governance reporting * External audits * Incident documentation * Long-term record keeping Exports reflect the current filter selection, allowing you to extract only the relevant subset of events. *** ### How Audit Differs from Logs | Logs | Audit | | -------------------------------- | ------------------------------------------------- | | Technical runtime messages | Governance-relevant lifecycle events | | Aggregated by log level and node | Structured per event with metadata | | Focused on troubleshooting | Focused on traceability and control monitoring | | Driven by runtime logging | Driven by lifecycle actions and governance checks | Both tabs complement each other: * **Logs** help you understand what happened technically. * **Audit** helps you understand what happened from a governance and control perspective. *** ### Using Audit in Practice Typical use cases include: * Reviewing failed controls after a release * Preparing evidence for ISO 27001 or SOC 2 audits * Investigating unexpected changes in Production * Monitoring change management adherence * Tracing user or system activity over time The Audit tab provides a structured, centralized, and exportable record of lifecycle activity across your Mendix landscape. *** ### Audit Event Types The following audit events are generated by AppControl: | Control Domain | Event Code | Event Name | Description | | ----------------- | ------------------------- | ----------------------- | ------------------------------------------------------------------------------------------------------------------------- | | Change Management | DEPLOY\_STARTED | Deployment started | A deployment process has been initiated for an app or environment, marking the start of a controlled change execution. | | Change Management | DEPLOY\_COMPLETED | Deployment completed | A deployment has successfully completed, confirming that the change was applied to the target environment. | | Change Management | DEPLOY\_FAILED | Deployment failed | A deployment attempt failed, indicating that the intended change was not successfully applied. | | Change Management | ROLLBACK\_EXECUTED | Rollback executed | A rollback has been executed, reverting the environment to a previous known revision after an issue or failed deployment. | | Change Management | CONFIG\_CHANGED | Configuration changed | A configuration setting was modified in the environment, impacting runtime behavior or operational setup. | | Change Management | REVISION\_CHANGED | Revision changed | The active application revision was updated, reflecting a new version or build deployed to the environment. | | Change & Release | CHANGE\_APPROVED | Change approved | A change request has been formally approved in accordance with defined change management controls. | | Change & Release | CHANGE\_REVIEW\_COMPLETED | Change review completed | A change review process has been completed, documenting assessment prior to approval or deployment. |